Windows Defender Antivirus detects and removes this threat.

 

Win32/Mitglieder is a family of trojan downloaders and backdoor trojans. Win32/Mitglieder may download and run files from various URLs. It may capture data from Internet Explorer windows. The trojan may also open backdoors on local TCP ports in order to host an FTP server, enable access to the host computer through a remote shell, or allow the host computer to serve as a proxy to relay network traffic. Win32/Mitglieder may use various means to disable or bypass local security-related software.

Win32/Nuwar.N@MM!CME-711 is a mass-mailing email worm that sends a trojan dropper via email. When the trojan attachment is opened, it installs a distributed peer-to-peer (P2P) downloader for the Win32/Nuwar worm component.

Win32/Virtumonde is a multiple-component family of programs that deliver 'out of context' pop-up advertisements. They may also download and execute arbitrary files.

Virtumonde is often distributed as a DLL file and installed on an affected machine as a Browser Helper Object (BHO) without a user's consent. This family uses advanced defensive and stealth techniques to escape detection and to hinder removal.

Win32/Clodpuntor is a trojan that sends spam e-mail.

Windows Defender detects and removes this threat.

Rogue:Win32/PrivacyCenter is a family of rogues that claims to scan for malware and displays fake warnings of “malicious programs and viruses”. They then inform the user that they need to pay money to register the software in order to remove these non-existent threats.

Find out more about rogues from our Rogue information page.

Find out ways that malware can get on your PC.

Windows Defender detects and removes this threat.

This family of rogue security programs pretend to scan your PC for malware, and often report lots of infections. The program will say you have to pay for it before it can fully clean your PC.

However, the program hasn't really detected any malware at all and isn't really an antivirus or antimalware scanner. It just looks like one so you'll send money to the people who made the program. Some of these programs use product names or logos that unlawfully impersonate Microsoft products.

Different brands of the rogues may modify various settings on your computer, end or close programs or system services, or block access to websites.

Find out ways that malware can get on your PC.

Win32/FakeScanti is a rogue that claims to scan for malware and displays fake warnings of "malicious programs and viruses". It tells you that you need to pay to register this fake program and remove the non-existent threats. Win32/FakeScanti variants have been observed to use names like:

• AKM Antivirus Pro
• AV Guard Online
• BlueFlare Antivirus
• Guard Online
• Milestone Antivirus
• Open Cloud AV
• OpenCloud Antivirus
• Security Guard 2012
• Sysinternals Antivirus
• Windows Antivirus Pro
• Windows Police Pro
• XJR Antivirus
• Your PC Protector

Win32/PornDialer is a detection for tools that dial international numbers. This program was detected by definitions prior to 1.143.2356.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors. Microsoft has released definition 1.143.2356.0 which no longer detects this program.

Win32/Vesenlosow is a family of worms that collects information about your computer to send to a remote server, and spreads via removable drives.

In the wild, we have observed the worm using file icons used by the following legitimate tools, in an effort to look like these tools: 

• Freegate tool
• Suduko solver
• UltraSurf

Backdoor:Win32/Rbot.DH is a backdoor Trojan that connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

Backdoor:Win32/Rbot.BA is a backdoor Trojan that connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

VirTool:Win32/HiddenRun.B is a utility application that can hide a running program's display windows.

Backdoor:Win32/Rbot.BV is a backdoor Trojan that connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

Backdoor:Win32/Rbot.CU is a backdoor Trojan that connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

Win32/Gaobot.ZX.worm is a network worm that can spread across network connections by exploiting the vulnerability described in Microsoft Security Bulletin MS03-026. The worm has backdoor capabilities, which allows attackers to control the infected computer using IRC channels. The worm also acts as a bot on the IRC network, coordinated through the IRC command, to launch massive distributed denial of service (DDoS) attacks and retrieve personal and system information.

Backdoor:Win32/Rbot.EJ is a backdoor Trojan that runs in the background, gathers software installation and computer configuration details, and connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.